Completed
Push — master ( 040597...de1065 )
by
unknown
02:18
created

lib/TokenManager.php (1 issue)


<?php
/**
 * @copyright Copyright (c) 2016 Lukas Reschke <[email protected]>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCA\Richdocuments;
use OC\Share\Constants;
use OCA\Richdocuments\Db\WopiMapper;
use OCA\Richdocuments\Helper;
use OCA\Richdocuments\Db\Wopi;
use OCA\Richdocuments\WOPI\Parser;
use OCP\Files\File;
use OCP\Files\IRootFolder;
use OCP\IGroupManager;
use OCP\IURLGenerator;
use OCP\IUserManager;
use OCP\Share\IManager;
use OCP\IL10N;
use OCP\Util;
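/**
 * Issues WOPI access tokens for documents opened through Richdocuments.
 *
 * The class decides, per request, which folder the file is resolved from,
 * who is recorded as owner and editor, and whether the resulting token
 * carries write permission. It then asks the WopiMapper to persist the token.
 */
class TokenManager {
	/** @var IRootFolder */
	private $rootFolder;
	/** @var IManager */
	private $shareManager;
	/** @var IURLGenerator */
	private $urlGenerator;
	/** @var Parser */
	private $wopiParser;
	/** @var AppConfig */
	private $appConfig;
	/** @var string|null UID of the session user; null when nobody is logged in */
	private $userId;
	/** @var WopiMapper */
	private $wopiMapper;
	/** @var IL10N */
	private $trans;
	/** @var IUserManager */
	private $userManager;
	/** @var IGroupManager */
	private $groupManager;

	/**
	 * @param IRootFolder $rootFolder
	 * @param IManager $shareManager
	 * @param IURLGenerator $urlGenerator
	 * @param Parser $wopiParser
	 * @param AppConfig $appConfig
	 * @param string $UserId
	 * @param WopiMapper $wopiMapper
	 * @param IL10N $trans
	 * @param IUserManager $userManager
	 * @param IGroupManager $groupManager
	 */
	public function __construct(IRootFolder $rootFolder,
								IManager $shareManager,
								IURLGenerator $urlGenerator,
								Parser $wopiParser,
								AppConfig $appConfig,
								$UserId,
								WopiMapper $wopiMapper,
								IL10N $trans,
								IUserManager $userManager,
								IGroupManager $groupManager) {
		$this->rootFolder = $rootFolder;
		$this->shareManager = $shareManager;
		$this->urlGenerator = $urlGenerator;
		$this->wopiParser = $wopiParser;
		$this->appConfig = $appConfig;
		$this->trans = $trans;
		$this->userId = $UserId;
		$this->wopiMapper = $wopiMapper;
		$this->userManager = $userManager;
		$this->groupManager = $groupManager;
	}

	/**
	 * Apply the "edit_groups" app setting to an editor.
	 *
	 * Writing is allowed when no edit groups are configured, or when the
	 * editor is a member of at least one configured group. If groups are
	 * configured and the editor cannot be resolved to a user, the answer is
	 * "no": an unknown account must not keep write access that the
	 * administrator restricted to specific groups.
	 *
	 * @param string|null $editoruid UID of the user who will edit
	 * @return bool true when the edit-group restriction permits writing
	 */
	private function isEditAllowedByGroups($editoruid) {
		// The setting is a '|'-separated list; array_filter drops empty entries.
		$editGroups = array_filter(explode('|', $this->appConfig->getAppValue('edit_groups')));
		if (count($editGroups) === 0) {
			return true;
		}

		$editorUser = $editoruid === null ? null : $this->userManager->get($editoruid);
		if (!$editorUser) {
			// Fail closed: restriction is active but the editor is unknown.
			return false;
		}

		foreach ($editGroups as $editGroup) {
			$editorGroup = $this->groupManager->get($editGroup);
			if ($editorGroup !== null && $editorGroup->inGroup($editorUser)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Create a WOPI token for a file and return it with the editor URL.
	 *
	 * Three cases are distinguished: access through a public share token,
	 * access by the logged-in session user, and access without a session
	 * (used for WopiPutRelativeFile, per the original comment).
	 *
	 * @param string $fileId file id in the format understood by Helper::parseFileId()
	 * @param string $shareToken public share token, or null
	 * @param string $editoruid UID of the editing user, or null
	 * @param bool $direct passed through to WopiMapper::generateFileToken()
	 * @return array two elements: the 'urlsrc' for the file's mime type, then the token
	 * @throws \Exception when no file can be found for the id, or when a
	 *                    collaborator (share manager, folder lookup, parser) throws
	 */
	public function getToken($fileId, $shareToken = null, $editoruid = null, $direct = false) {
		list($fileId,, $version) = Helper::parseFileId($fileId);
		$owneruid = null;
		$hideDownload = false;

		if ($shareToken !== null) {
			// Not logged in: permissions and owner come from the share.
			// NOTE(review): the file is looked up by id in the root folder
			// below, and this method does not check that $fileId belongs to
			// the node referenced by $shareToken. Confirm that every caller
			// derives $fileId from the share itself.
			$rootFolder = $this->rootFolder;
			$share = $this->shareManager->getShareByToken($shareToken);
			$updatable = (bool)($share->getPermissions() & \OCP\Constants::PERMISSION_UPDATE);
			$hideDownload = $share->getHideDownload();
			$owneruid = $share->getShareOwner();
		} else if ($this->userId !== null) {
			// Logged in: the session user is always the editor, whatever the
			// caller passed as $editoruid.
			$editoruid = $this->userId;
			$rootFolder = $this->rootFolder->getUserFolder($editoruid);

			// Writable if any node the user sees for this id is updateable ...
			$updatable = false;
			foreach ($rootFolder->getById((int)$fileId) as $candidate) {
				if ($candidate->isUpdateable()) {
					$updatable = true;
					break;
				}
			}
			// ... and the edit-group restriction does not forbid it.
			$updatable = $updatable && $this->isEditAllowedByGroups($editoruid);
		} else {
			// No active user login while generating the token;
			// this is required during WopiPutRelativeFile.
			// NOTE(review): this branch grants write permission without a
			// session user or share token. Confirm callers reach it only after
			// validating an existing WOPI token.
			$rootFolder = $this->rootFolder;
			if ($editoruid === null) {
				\OC::$server->getLogger()->warning('Generating token for SaveAs without editoruid');
			} else {
				// Use the user folder if available, since fetching all files
				// by id from the root might be expensive.
				$rootFolder = $this->rootFolder->getUserFolder($editoruid);
			}
			$updatable = true;
		}

		$files = $rootFolder->getById($fileId);
		if (!isset($files[0])) {
			// Previously an empty result led to a fatal error on a null
			// $file; report it as the documented exception instead.
			throw new \Exception('No file found for the requested file id');
		}
		/** @var File $file */
		$file = $files[0];

		// For a public share the owner comes from the share; otherwise ask the file.
		if ($owneruid === null) {
			$owner = $file->getOwner();
			// Owner can be null, e.g. for group folders: fall back to the editor.
			$owneruid = $owner === null ? $editoruid : $owner->getUID();
		}

		$serverHost = $this->urlGenerator->getAbsoluteURL('/');

		// The guest name is read from a client-controlled cookie. It is
		// HTML-escaped here; consumers should treat it as a display label only.
		if ($this->userId === null && isset($_COOKIE['guestUser']) && $_COOKIE['guestUser'] !== '') {
			$guest_name = $this->trans->t('%s (Guest)', Util::sanitizeHTML($_COOKIE['guestUser']));
		} else {
			$guest_name = null;
		}

		// Trailing arguments: guest name, template destination (0 = none),
		// hide-download flag, direct flag.
		$wopi = $this->wopiMapper->generateFileToken($fileId, $owneruid, $editoruid, $version, (int)$updatable, $serverHost, $guest_name, 0, $hideDownload, $direct);

		return [
			$this->wopiParser->getUrlSrc($file->getMimeType())['urlsrc'],
			$wopi->getToken(),
		];
	}

	/**
	 * Create a WOPI token for a file that is opened from a template.
	 *
	 * The given user is recorded as both owner and editor. Write permission
	 * requires the file to be updateable and the edit-group restriction to
	 * allow the user.
	 *
	 * @param File $file file the token is issued for
	 * @param string $userId UID used as owner and editor
	 * @param mixed $templateDestination stored as the token's template
	 *        destination (presumably a file id; confirm with callers)
	 * @param bool $direct passed through to WopiMapper::generateFileToken()
	 * @return array two elements: the 'urlsrc' for the file's mime type, then the token
	 */
	public function getTokenForTemplate(File $file, $userId, $templateDestination, $direct = false) {
		$owneruid = $userId;
		$editoruid = $userId;
		$updatable = $file->isUpdateable() && $this->isEditAllowedByGroups($editoruid);

		$serverHost = $this->urlGenerator->getAbsoluteURL('/');

		// Argument order follows the call in getToken(): guest name, template
		// destination, hide-download flag, direct flag. $direct used to be
		// passed one position early, where getToken() passes $hideDownload.
		// NOTE(review): confirm the order against WopiMapper::generateFileToken().
		$wopi = $this->wopiMapper->generateFileToken($file->getId(), $owneruid, $editoruid, 0, (int)$updatable, $serverHost, null, $templateDestination, false, $direct);

		return [
			$this->wopiParser->getUrlSrc($file->getMimeType())['urlsrc'],
			$wopi->getToken(),
		];
	}
}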